QUESTION
How to submit HTML code to a textbox and output as text without compromising security?
This is what I'm currently trying:
DATA GOES IN (SUBMITTED INTO TEXTBOX)
Dim txtInput As String = Server.HtmlEncode(Me.txtInput.Text)
DATA COMES OUT (READ AS TEXT ON PAGE)
txtOutput.Text = Server.HtmlDecode(MyText)
Desired output is for the format to be the same as initially entered.
ANSWER
You should HtmlEncode text you are setting in a textbox:
txtOutput.Text = Server.HtmlEncode(MyText)
And HtmlDecode text you are getting from a textbox:
MyText = Server.HtmlDecode(txtOutput.Text)
If you're storing the data in SQL then I recommend using parameterized queries as well. They handle most security concerns, such as SQL injection, for you.
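An added example, not part of the original answer, that combines the two points above: the submitted text is bound to a parameterized query unchanged, and it is HTML-encoded once when it is written to the page. It assumes a hypothetical `Comments (Body)` table and uses `System.Net.WebUtility` in place of `Server.HtmlEncode` so it runs as a console program; the sample input is constructed.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Net

Module EncodeOnOutputDemo

    ' Hypothetical table and column names, used only for this example.
    Private Const InsertSql As String =
        "INSERT INTO Comments (Body) VALUES (@body)"

    ' Bind the text exactly as submitted. The value travels as a typed
    ' parameter, so quotes inside it are never parsed as SQL.
    Function BuildInsert(rawText As String) As SqlCommand
        Dim cmd As New SqlCommand(InsertSql)
        cmd.Parameters.Add("@body", SqlDbType.NVarChar, -1).Value = rawText
        Return cmd
    End Function

    ' Encode at the moment the text is written into HTML output.
    Function ForHtml(storedText As String) As String
        Return WebUtility.HtmlEncode(storedText)
    End Function

    Sub Main()
        ' Constructed sample input containing markup, an ampersand and a quote.
        Dim submitted As String = "<b>O'Brien</b> & <script>x</script>"

        ' No connection is opened; the command is only built and inspected.
        Using cmd As SqlCommand = BuildInsert(submitted)
            Console.WriteLine(cmd.CommandText)
            ' The parameter still holds the text exactly as entered.
            Console.WriteLine(CStr(cmd.Parameters("@body").Value) = submitted)
        End Using

        ' The encoded form is what goes into the page markup.
        Dim encoded As String = ForHtml(submitted)
        Console.WriteLine(encoded)

        ' Decoding the encoded form gives back the original text.
        Console.WriteLine(WebUtility.HtmlDecode(encoded) = submitted)

        ' Encoding twice changes the value again, so the reader would see
        ' literal entities; encode exactly once per output.
        Console.WriteLine(ForHtml(encoded) = encoded)
    End Sub
End Module
```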